Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard (formerly CB Defense)
- Endpoint Standard Sensor: All Versions
Question
What is the difference between setting a Permissions policy rule to Allow, Allow & Log or Bypass?
Answer
- Allow - allows the specified behavior in the specified path; None of the specified behavior at the path is logged and no data is sent to the Endpoint Standard backend
- Allow & Log - allows the specified behavior in the specified path; All activity is logged and reported to the Endpoint Standard backend
- Bypass - all behavior is allowed in the specified path; Nothing is logged and no data is sent to the Endpoint Standard backend
Additional Notes
- By design, the Bypass action can only be used with "Performs any operation" or "Performs any API operation"
- Using Bypass with "Performs any operation" removes all visibility into any behavior within the specified path and should be used as a last resort only
- Try Bypass with "Performs any API operation" first, which limits the scope of bypass, if you are trying to find a working Permissions rule; For example to address a suspected interoperability issue with another application
Related Content